Category Archives: Tools

Version 0.3.4 of binwalk has just been released. New and improved signatures have been added to the magic file, and more importantly, an update feature has been built in that lets you update your magic file definitions to the latest SVN check-in.

To update your magic signatures, just run:

# binwalk -u

New file system signatures have also been added in this release, as well as improved LZMA signatures.

While the recent v0.2.1 release was a bug fix release, v0.3.0 has added some important new features:

Include and exclude filters now match search terms on anything in the resulting output rather than just matching the first line description from the magic file.

Signatures that are two bytes or less in length tend to produce a huge number of false positives. In v0.3.0 these signatures are disabled by default in order to prevent being overloaded with false positive matches. These signatures can be enabled using the new -a or -i options.

So you’ve got an embedded device that’s running Linux, you’ve tapped into the board’s serial port and you have a root shell. You’re poking around and want to run netstat/netcat/grep/whatever – but it’s not installed! And what’s worse, the device doesn’t have any utilities to perform a network file transfer. How do you get the file you want to execute from your host machine up to the embedded device?

Transferring ASCII files can be done with minicom, but that method won’t work properly for binary files. ASCII encoding a binary file usually isn’t an option since most embedded systems won’t have utilities like base64 or uuencode to decode the transferred file, and other transfer methods (Xmodem/Ymodem/Zmodem, Kermit) require a corresponding utility to already be installed on the embedded device.

No, this is not some new SSL vulnerability. In fact, it’s a really old vulnerability, as old as cryptography itself: keep your secret keys secret.

A lot of embedded devices provide HTTPS support so that administrators can administer the devices securely over untrusted networks. Some devices, such as SSL VPNs, center their entire functionality around SSL encryption. OK, well SSL isn’t perfect, but it’s still the de facto standard for Web-based encryption. So far, so good.

Here’s where it gets fun: many of these devices use hard-coded SSL keys that are baked into the firmware. That means that if Alice and Bob are both using the same router with the same firmware version, then both of their routers have the same SSL keys. All Eve needs to do in order to decrypt their traffic is to download the firmware from the vendor’s Web site and extract the SSL private key from the firmware image.
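A release-audit check for the problem described above, as an added example that is not part of the original post or of binwalk: it scans already-unpacked firmware bytes for PEM private key blocks and reports blocks that are identical across two images. The function names and both sample images are constructed for illustration, and the PEM body is a placeholder, not a real key.

```python
import hashlib
import re

# PEM armour for private keys (RSA, EC, DSA, PKCS#8, encrypted PKCS#8).
PEM_KEY = re.compile(
    rb"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY)-----"
    rb"(.*?)"
    rb"-----END \1-----",
    re.DOTALL,
)


def find_embedded_private_keys(image: bytes):
    """Return (offset, label, sha256-of-body) for each PEM private key block."""
    findings = []
    for m in PEM_KEY.finditer(image):
        # Hash the body with whitespace removed so line-ending changes
        # between builds do not hide a reused key.
        body = b"".join(m.group(2).split())
        digest = hashlib.sha256(body).hexdigest()
        findings.append((m.start(), m.group(1).decode(), digest))
    return findings


def shared_keys(image_a: bytes, image_b: bytes):
    """Digests of key blocks present in both images (one key on both units)."""
    a = {d for _, _, d in find_embedded_private_keys(image_a)}
    b = {d for _, _, d in find_embedded_private_keys(image_b)}
    return a & b


def _constructed_image(padding: int, newline: bytes) -> bytes:
    # Constructed sample: filler bytes plus a placeholder PEM block.
    # The body is base64 of a marker string, not key material.
    body = newline.join([b"Q09OU1RSVUNURUQtU0FNUExF", b"Tk9ULUEtUkVBTC1LRVk="])
    pem = (b"-----BEGIN RSA PRIVATE KEY-----" + newline + body + newline
           + b"-----END RSA PRIVATE KEY-----" + newline)
    return b"\x00" * padding + b"hsqs" + b"\xff" * 16 + pem + b"\x00" * 32


ALICE_IMAGE = _constructed_image(64, b"\n")    # constructed: Alice's unit
BOB_IMAGE = _constructed_image(128, b"\r\n")   # constructed: Bob's unit

if __name__ == "__main__":
    for name, img in (("alice", ALICE_IMAGE), ("bob", BOB_IMAGE)):
        for off, label, digest in find_embedded_private_keys(img):
            print(f"{name}: {label} at {off:#x} sha256={digest[:16]}")
    print("shared key blocks:", len(shared_keys(ALICE_IMAGE, BOB_IMAGE)))
```

Any non-empty result from `shared_keys` on images destined for different units means the key should be generated per device at first boot or provisioning rather than shipped in the image.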

We’ve just released a new version of Binwalk, our open source firmware analysis tool. This release features new firmware signatures and a huge speed increase; scan times for large firmware images went from ~12 hours to less than a minute!